Due to the requirement for Device Control Engine (DCE) certificate pinning, certificate expiry will cause the DCE to create new certificates. Following this, the DCE will reject communication from the devices. It is important to know how to check the expiry date of the DCE certificate, to allow the creation of new certificates without loss of service.
There are three ways to check this:
Method 1: Web Browser
Open a Web Browser to the DCE service on port 2939, the URL is below:
- https://<DCE FQDN or IP Address>:2939
- Replacing <DCE FQDN or IP Address> with either its IP address or Fully Qualified Domain name. (localhost can be used if testing from the DCE server
- Navigate past the certificate error
- Click on the certificate in the address bar and view the certificate
The expiry date will be shown
Method 2: Use Equitrac Certificate Manager
- Open Command prompt as the Service account running the DCE service
- Equitrac Office: Navigate to C:\Program Files\Equitrac\Office\Tools
- Equitrac Express: Navigate to C:\Program Files\Equitrac\Express\Tools
- Open the EQSSLCertificateManager.exe application
- Double click the certificate to display the expiry date
Method 3: PowerShell
- Open a Windows PowerShell session as Administrator on the DCE server.
- Enter the command Get-ChildItem Cert:\LocalMachine\Equitrac-Shared\ | select PSparentpath , Subject, Notafter | fl
- This will display the certificate expiry date in the PowerShell window
PSParentPath : Microsoft.PowerShell.Security\Certificate::LocalMachine\Equitrac-Shared
Subject : CN=DCEquitrac
NotAfter : 29/04/2023 14:07:35
If the certificate is about to expire, it is recommended to follow the KB Ricoh PCC5.1 Unified Client : How to renew the Device Control Engine (DCE) certificate without having to re-configure the device - Kofax to create new certificates with longer validity.
|Kofax||Unified Client for Ricoh|